Of course I would support them finding out who hacked it. I use bitcoinica as well (now even more since I'm never touching gox again) and I want them to stick around.

But you can't lock accs on people trying to spend the coins. Having the coins isn't proof of anything. Especially only $150 worth. (that would be 100% of my customers paid in stolen coins, highly unlikely) Ironically the only reason I even bothered to start accepting BTC is chargebacks (which for all intents and purposes, this is) can't happen with btc. *unless you use Mt Gox

Of course I would support them finding out who hacked it. I use bitcoinica as well (now even more since I'm never touching gox again) and I want them to stick around.

But you can't lock accs on people trying to spend the coins. Having the coins isn't proof of anything. Especially only $150 worth. (that would be 100% of my customers paid in stolen coins, highly unlikely) Ironically the only reason I even bothered to start accepting BTC is chargebacks (which for all intents and purposes, this is) can't happen with btc. *unless you use Mt Gox

I feel your pain, I really do. Since they are not denying you anything and simply asking for verification, there is not much energy I can spend on defending you though.

MtGox is quickly becoming the Paypal that brought most of us to Bitcoin in the first place, but let's wait a bit until they start locking accounts cold instead of just asking for verification. When they hold your money and never let it go, give me a call.

Yesterday I got my mt gox acc locked. I thought it was strange since I barely use the service and put a few hundred a month through it. I wasn't passing any limits or moving any amount of money that matters. Well today I got a reply to my support ticket, here it is.

Quote

Hello Name,

Thank you for your inquiry. Due to the incident of stolen coins from Bitcoinica a couple of weeks ago, the accounts that are suspected to have been receiving the tainted coins were flagged for AML. If you believe that this was done in error, please submit your official ID and proof of residence so that the AML team may verify your account. Our apologies for the inconvenience caused and thank you for your kind cooperation in this matter.

Thanks,

MtGox.com Team

This is the first time BTC has entered my acc since the linode hacks. It was less than $150 and it was payments from customers all over the world. So of course there might be some tainted coins in there but I suspect the percent of them would be very low. I also bet any of you that have accepted payments in the last few weeks will have the same small percent of taint. Of course Mt gox sees this is a great opportunity to shit on the community when it's down, and steal from us. It's obvious they are using this as an excuse to lock accounts based on the chance they won't verify, then profit. Nice business practices there.

Are they even allowed to do this? I'm sure their EULA says they can, right after they sacrifice your firstborn and empty your bank account because of a typo, but legally? They think they can say what coins are good or bad? How could merchants accept payments if this is the case? It's the same as a charge back just through different means.

Our automatic system tracked coins we suspect stolen from another point, which means we are likely to get a request from law enforcement to identify you (only within the scope of a current and valid investigation). If we don't have your ID on file, we require one.

We are not to decide if you are allowed or not to sell the coins you deposit on MtGox. This is your own responsibility, taken on your own name. This is another reason we need to have an ID on file that matches your account in this specific case.

As soon as you submit the required documents for verification, you can do whatever you want with the funds on your account. Note that not submitting an ID doesn't mean nothing will happen. If a criminal investigation is indeed in progress, we won't be able to deny access to other identifying records such as IP address and others. This doesn't mean either we will provide private details to just any court either.

--------------------------------------

We understand your position and we even have a solution for you, so please do not hesitate to send us your AML document as soon as possible. We are sure that you are an honest person doing honest business and that the "tainted" coins arrived in your hands without you noticing they were stolen. Our goal here is not to bother you, our goal is to track down who stole these coins and make sure to help people to recover their coins and prevent others to have their coins stolen.

We understand your position and we even have a solution for you, so please do not hesitate to send us your AML document as soon as possible. We are sure that you are an honest person doing honest business and that the "tainted" coins arrived in your hands without you noticing they were stolen. Our goal here is not to bother you, our goal is to track down who stole these coins and make sure to help people to recover their coins and prevent others to have their coins stolen.

I'm not sending any scanned documents because frankly I do not trust you with them. You have demonstrated incompetence in securing customer data in the past. Now I feel as though you are extorting me for information. The reasons given by Tux are highly suspicious as well. With no proof of any investigation or need for IDs. If you do not want to do business with unverified accounts don't let them make accounts or deposit.

We understand your position and we even have a solution for you, so please do not hesitate to send us your AML document as soon as possible. We are sure that you are an honest person doing honest business and that the "tainted" coins arrived in your hands without you noticing they were stolen. Our goal here is not to bother you, our goal is to track down who stole these coins and make sure to help people to recover their coins and prevent others to have their coins stolen.

I'm not sending any scanned documents because frankly I do not trust you with them. You have demonstrated incompetence in securing customer data in the past. Now I feel as though you are extorting me for information. The reasons given by Tux are highly suspicious as well. With no proof of any investigation or need for IDs. If you do not want to do business with unverified accounts don't let them make accounts or deposit.

It is a legal obligation for us, or anyone else for that matter to report crimes when one has been committed, I am not talking about you here I am just referring to the "Linode" case. Since this crime has been reported here in Japan we are not authorized to publicly talk about the details of the investigation, however we have all the proper paperwork done here and ready to show once we are allowed too. Like everyone now who's trading on Mt.Gox you have agreed to our TOS and if you do not want to comply with them and our AML policy so be it, it is your choice, but you will have to understand that legally speaking until your account has not been clear we cannot do much.

If you do not want to do business with unverified accounts don't let them make accounts or deposit.

It seems that you do not understand the basic of a verified account and its needs. Here you are the details of AML and its needs https://bitcointalk.org/index.php?topic=60074.msg716220#msg716220In a perfect world, people do not need to be AML verified to use Mt.Gox exchange, however in order to protect you/our customer assets we need to check for "strange" behaviors and prevent people to have their assets stolen.

There isn't an easy way of following every coin you have in the wallet and is almost impossible to prove that the tainted coins you are holding weren't stolen by yourself.

So everybody who has bought coins in March can have his account frozen in MtGox and you are not giving us an easy way to prevent this. Not tainted list, neither an easy way to review the path followed by the coins. You are only offering the risk of being persecuted and your coins seized if we use MtGox service.

I'm only dealing with Intersango now, though I'd like to know of their stance about this to be honest.

MtGox can go fuck themselves.

Intersango don't trace coins (i.e. we don't go trying to pick "tainted" coins out of all the ones coming in), however if someone informs us that coins at a certain address were stolen, and they end up in an Intersango account in one or two transfers (like obvious movement of thieved coins), then we will freeze the account and investigate.

We're a legitimate, registered company and strive to remain compliant with laws and regulations. If we come across something that seems illegal we are required by law to take action, usually it means freezing the account and investigating(which would mean we'd ask for proof of identity, something we don't want to do cause it's a lot of effort on our part, better spent otherwise). Thats what we have to do.

Imagine if we were a used car dealership, and someone came in saying that their car was stolen, it was a Red 1984 Ford Cortina with white stripes. If someone that same day happened to roll up in a car fitting that description then you can bet we'd hold onto it and call the police, thats not only a legal requirement but moral.

But if someone pulls up with a car that happens to use one(or all) of the wheels from the stolen vehicle, then there isn't anything we're going to do.

Intersango don't break laws, and we don't want anyone to use our services to help them do so, if we get stolen coins then we'll freeze them, but the idea that coins are tainted is a joke, once they've been split and passed hands enough times coins are just coins and there is nothing anyone can do about it.

If MtGox have a policy of freezing all accounts that touch tainted coins, then soon enough all their accounts are going to be frozen.

It's still a serious flaw if you are performing any checks at all beyond a direct transaction of *allegedly* stolen bitcoins.

There is no way someone would inform you that coins at a certain address were stolen. Your addresses are largely private. The only way you can ever know that is by actively performing checks yourselves.

Seriously considering bitcoin's viability at all at this point, after seeing that the community consensus about morality and the way bitcoin works make it an inviable couple.

Not tainted list, neither an easy way to review the path followed by the coins.

You are making a very good point here, and I will check with my colleagues here what can be done and hopefully we could come with something.

Is this seriously the first time you geniuses thought about this problem? And you think it's ok to lock people's accounts without notification and then hold their money hostage until they comply with your every whim, even though NOTHING you're doing can ever be used to prove someone stole coins?

I have a lot of faith in the fundamentals of bitcoin, but it's certainly possible that irresponsible actions and tyrannical bullying from an exchange with too much market-share could indeed kill it. I was hoping you guys were smarter than that, seeing as how you supposedly have a large bitcoin investment yourself. But it looks like I was wrong.

Not tainted list, neither an easy way to review the path followed by the coins.

You are making a very good point here, and I will check with my colleagues here what can be done and hopefully we could come with something.

I really don't care if you check anything. Your company has become all what we fight against when some of us adopted Bitcoins. As a 80% exchanging transaction controller you have turned into a slow-big-fat-ass target for governments and hackers.

What do you expect will happen when your company officially announce that not all coins have the same value?

You, my sir, are attacking and potentially a risk to the best freedom currency I know.And that is why I wish your extinction.

It's still a serious flaw if you are performing any checks at all beyond a direct transaction of *allegedly* stolen bitcoins.

There is no way someone would inform you that coins at a certain address were stolen. Your addresses are largely private. The only way you can ever know that is by actively performing checks yourselves.

Seriously considering bitcoin's viability at all at this point, after seeing that the community consensus about morality and the way bitcoin works make it an inviable couple.

When coins are stolen the first stop for the victim is the forums, and then the exchanges (happens all the time), giving the address of the stolen coins, it's not rocket science, between MtGox and Intersango you've got most useful exchanges covered.

When someone comes to us with an address that has stolen coins, if it's one of our addresses we are required by law to do something about it, the same is true of MtGox and any other exchange that wants to remain open.

The fact is that exchanges have to exist in the physical world, which means they're subject to laws and regulations, if they don't follow them the exchange gets shut down, or before that point their bank account does, which has the same effect.

What do you mean by one of your addresses? that someone would transfer their stolen stash to addresses you give when creating an intersango account?

If that's the condition I doubt it will ever happen. It's pretty safe to assume that someone wouldn't transfer stolen coins to an address of an exchange, to which they have no private keys. Especially someone with the capability to perform the Linode attack.

Otherwise, if it's sent through a hoop it's safe to assume he was innocent or guilty and very stupid. If in doubt, what do you do?

You can also have people intentionally tainting random addresses. There are no private active addresses, as you surely know. Any address with any number of transactions is in the blockchain.

Because of these reasons there is no such thing as obviously stolen coins. The best you have is "likely stolen coins."

Look, I don't have programming skills. I don't have too much money. I don't live in a high end tecnological country. But I do love freedom and have determination.

So I can assure both of you that the same day the tainted coins list is published I will be starting a bounty searching for someone to develope a mining software whose only purpose will be melting the block reward with the huge fees from a fake transaction with a mix of good and tainted coins.

And what do you mean by "an address that happens to be in your system"?

Nefario - as pointed out by the above poster, your legal claims sound pretty outlandish. But I am disappointed you do not see the larger issues with adopting this policy.

1) The person contacting you can never prove their claim is true.2) The person who transferred money into your system is likely unaware - and proving otherwise is impossible for you. How would an innocent person who received a bitcoin transfer into one of their addresses (something they have NO control over) even know this had happened? Users have NO INFORMATION about which coins you guys are deciding to outlaw.3) The entire concept of "tainted coins" can destroy the value of bitcoin. Exchanges continuing down this path are reprehensible.

Today they replied to my second support ticket and demands that they release my funds:

Quote

Hello Name,

Our apologies for the inconvenience caused. According to the Terms of Service, we reserve the right to ask for AML documents if we suspect that any suspicious activity is going on in your account. Thank you for your kind understanding in this matter.

Thanks,

MtGox.com Team

As expected an "upload your docs or go fuck yourself" Of course "suspicious activity" is left undefined and completely up to them. They also ignore all inquires about what percent of the coins were "tainted."

Do you think MtGox WANT to spent their time verifying peoples ID's? It's not exactly a profit making activity.

I think they are probably targeting people from certain places and making them verify right after the deposit. Knowing there's a decent chance they won't bother thus forfeiting the account. I wouldn't be surprised if they had algorithms in place to do this all automatically. Then yes verifying accounts does turn into a profit. My case is a good example of it.

Assuming there's legal precedent to treat bitcoin the same as physical goods which can be stolen (which there isn't as of yet), you still have NO PROOF that those bitcoins were stolen.

Likewise, the person transferring into your accounts cannot provide proof they don't have stolen coins. People may have plenty of completely legitimate reasons for not wanting to give you all kinds of personal ID, though.

This guy was NOT VIOLATING AML REGULATIONS, and his money is being held hostage. He has not done anything "suspicious" - he's merely been using bitcoin as it was meant to be used, as digital cash.

Bottom line - users have to trust the exchanges not to pull this kind of shenanigans - and if you agree with Mt.Gox's shady behaviour here, you can't be trusted either. Which is very disappointing - because we need alternatives to MtGox when they start with this incredibly misguided nonsense.